"The public-relations fallout for Sony BMG was compared by one analyst to the 1982 Chicago Tylenol murders."
Not in source. The source describes the seriousness of the incident, not the public-relations fallout.
Fixed – Replaced specific mention of Tylenol incident with a quote from the article. --Pnm (talk) 00:37, 17 December 2010 (UTC)
"The installation of rootkits is commercially driven, with a Pay-Per-Install (PPI) compensation method for distributors."
Dubious, unsupported by the source, and contradicts statements in Public availability. The source is about a single rootkit, which should be named.
"Given the stealth nature of rootkits, there are experts who believe that the only reliable way to remove them is to re-install the operating system from trusted media."
Synthesis. The sources support "some believe the only reliable way..." but neither source credits "the stealth nature of rootkits."
Fixed – Removed "Given the stealth nature of rootkits." --Pnm (talk) 01:26, 17 December 2010 (UTC)
"Most of the rootkits available on the Internet are constructed as an exploit or academic "proof of concept" to demonstrate varying methods of hiding things within a computer system and taking unauthorized control of it."
Misattributed, and dubious. The source says "some," not "most", includes the phrase "for now," and uses tone which further implies tentativeness/qualification.
The paragraph on the Sony rootkit scandal obscures what it's trying to say in order to sound NPOV. It should be rewritten to be more direct, less detailed, and more objective. Amazingly it buries the link to the main article Sony BMG CD copy protection scandal near the end of the paragraph, yet links to Sony BMG eight times. The mention of the 1982 Chicago Tylenol murders has a referencing problem (explained above).
The lead gives undue emphasis to the view that rootkits are beneficial. (The lead sentence does so by omitting "unauthorized." The end of the lead paragraph says rootkits have "negative connotations.") Using "connotation" implies merely subjective negativity. The primary use of rootkits is gaining and preserving unauthorized access to a computer system. There are some rootkits that benefit the system owner, but in those cases the system owner installs the rootkit on purpose. These should be treated as the exceptional cases they are.
It is stable.
No edit wars, etc.:
It is illustrated by images, where possible and appropriate.
The caption on the illustration of security rings is confusing. After reading ring (computer security) I'm still confused. I don't understand whether it's possible to show the hypervisor ring (Ring -1) in such a diagram.
The minor issues can be corrected quickly. However, the sourcing and OR issues are serious, and will require careful review, source verification, and additional research. I don't think these steps should be rushed, so at this time I will fail the review.
"Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms."
"It is not uncommon to see a compromised system in which a sophisticated, publicly-available rootkit hides the presence of unsophisticated worms or attack tools that appear to have been written by inexperienced programmers."
"System hardening represents one of the first layers of defence against a rootkit, to prevent it from being able to install. Applying security patches, implementing the principle of least privilege, reducing the attack surface and installing antivirus software are some standard security best practices that are effective against all classes of malware. Once these measures are in place, routine monitoring is required."
"For example, binaries present on disk can be compared with their copies within operating memory (as the in-memory image should be identical to the on-disk image), or the results returned from file system or Windows Registry APIs can be checked against raw structures on the underlying physical disks—however, in the case of the former, some valid differences can be introduced by operating system mechanisms like memory relocation or shimming. Difference-based detection was used by Russinovich's RootkitRevealer tool to find the Sony DRM rootkit."
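As an added illustration of the cross-view comparison the quoted source describes (this is not code from the article or from RootkitRevealer), a small Python routine that diffs a listing obtained through the normal OS API against one reconstructed from raw on-disk structures; the paths and sizes are constructed sample data.

```python
# Added example: difference-based ("cross-view") rootkit detection.
# Two views of the same file system are compared: one returned by the
# ordinary OS API (which a rootkit may filter) and one reconstructed from
# raw on-disk structures. Entries that exist in the raw view but are not
# reported by the API are candidates for having been hidden.
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


def _normalize(path: str) -> str:
    # Windows paths are case-insensitive; normalize separators and case so
    # that such valid differences between the two views are not flagged.
    return path.replace("/", "\\").lower()


def cross_view_diff(api_view, raw_view):
    """Return (hidden, phantom, mismatched), each a sorted list of paths.

    hidden     - present in raw structures but not reported by the API
    phantom    - reported by the API but absent from raw structures
    mismatched - reported by both, but with differing sizes
    Transient discrepancies (files created or deleted between the two
    snapshots) also show up here, so a second pass should confirm them.
    """
    api = {_normalize(e.path): e for e in api_view}
    raw = {_normalize(e.path): e for e in raw_view}
    hidden = sorted(p for p in raw if p not in api)
    phantom = sorted(p for p in api if p not in raw)
    mismatched = sorted(p for p in api.keys() & raw.keys()
                        if api[p].size != raw[p].size)
    return hidden, phantom, mismatched


# Constructed sample views; the paths are hypothetical, not from a real system.
API_VIEW = [
    Entry(r"C:\Windows\System32\kernel32.dll", 1024),
    Entry(r"C:\Windows\System32\drivers\disk.sys", 512),
]
RAW_VIEW = [
    Entry(r"C:\Windows\System32\KERNEL32.DLL", 1024),       # case differs only
    Entry(r"C:\Windows\System32\drivers\disk.sys", 512),
    Entry(r"C:\Windows\System32\drivers\$hidden$example.sys", 300),  # not in API view
]

if __name__ == "__main__":
    hidden, phantom, mismatched = cross_view_diff(API_VIEW, RAW_VIEW)
    print("hidden:", hidden, "phantom:", phantom, "mismatched:", mismatched)
```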